diff --git a/serverless/images/individual-role.png b/serverless/images/individual-role.png
index 810be3a3..30c06646 100644
Binary files a/serverless/images/individual-role.png and b/serverless/images/individual-role.png differ
diff --git a/serverless/pages/custom-roles.mdx b/serverless/pages/custom-roles.mdx
index bda7c9fa..e238385e 100644
--- a/serverless/pages/custom-roles.mdx
+++ b/serverless/pages/custom-roles.mdx
@@ -2,16 +2,15 @@
slug: /serverless/custom-roles
title: Custom roles
description: Create and manage roles that grant privileges within your project.
-tags: [ 'serverless', 'Elasticsearch', 'Observability', 'Security' ]
+tags: [ 'serverless', 'Elasticsearch', 'Security' ]
---
-
Coming soon
-This content applies to:
+This content applies to:
The built-in organization-level roles and instance access roles are great for getting started with ((serverless-full)), and for system administrators who do not need more restrictive access.
@@ -92,6 +91,6 @@ As new features are added to ((serverless-full)), roles that use the custom opti
After your roles are set up, the next step to securing access is to assign roles to your users.
-{/* Click the **Assign roles** link... */}
-Learn more in
+Click the **Assign roles** link to go to the **Members** tab of the **Organization** page.
+Learn more in .
\ No newline at end of file
diff --git a/serverless/pages/manage-access-to-org-user-roles.mdx b/serverless/pages/manage-access-to-org-user-roles.mdx
index f6267569..d264c407 100644
--- a/serverless/pages/manage-access-to-org-user-roles.mdx
+++ b/serverless/pages/manage-access-to-org-user-roles.mdx
@@ -8,12 +8,12 @@ tags: [ 'serverless', 'general', 'organization', 'roles', 'how to' ]
Within an organization, users can have one or more roles and each role grants specific privileges.
-You can set a role:
+You must assign user roles when you invite users to join your organization.
+To subsequently edit the roles assigned to a user:
-- globally, for all projects of the same type (Elasticsearch, Observability, or Security). In this case, the role will also apply to new projects created later.
-- individually, for specific projects only. To do that, you have to set the **Role for all instances** field of that specific project type to **None**.
+1. Go to the user icon on the header bar and select **Organization**.
-
+2. Find the user on the **Members** tab of the **Organization** page. Click the member name to view and edit its roles.
## Organization-level roles
@@ -24,8 +24,21 @@ You can set a role:
## Instance access roles
Each serverless project type has a set of predefined roles that you can assign to your organization members.
+You can assign the predefined roles:
+
+- globally, for all projects of the same type (((es-serverless)), ((observability)), or ((security))). In this case, the role will also apply to new projects created later.
+- individually, for specific projects only. To do that, you have to set the **Role for all** field of that specific project type to **None**.
+
+For example, you can assign a user the developer role for a specific ((es-serverless)) project:
+
+
+
+
+You can also optionally create custom roles in a project.
+To assign a custom role to users, go to "Instance access roles" and select it from the list under the specific project it was created in.
+
-### Elasticsearch
+### ((es))
- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.
@@ -33,7 +46,7 @@ Each serverless project type has a set of predefined roles that you can assign t
- **Viewer**. Has read-only access to project details, data, and features.
-### Observability
+### ((observability))
- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.
@@ -41,7 +54,7 @@ Each serverless project type has a set of predefined roles that you can assign t
- **Viewer**. Has read-only access to project details, data, and features.
-### Security
+### ((security))
- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.
diff --git a/serverless/pages/manage-access-to-org.mdx b/serverless/pages/manage-access-to-org.mdx
index 68ab92b3..09db2e9c 100644
--- a/serverless/pages/manage-access-to-org.mdx
+++ b/serverless/pages/manage-access-to-org.mdx
@@ -5,9 +5,7 @@ description: Add members to your organization and projects.
tags: [ 'serverless', 'general', 'organization', 'overview' ]
---
-To allow other users to interact with your projects, you must invite them to join your organization.
-
-When inviting them, you also to define their access to your organization resources and instances.
+To allow other users to interact with your projects, you must invite them to join your organization and grant them access to your organization resources and instances.
1. Go to the user icon on the header bar and select **Organization**.
@@ -15,11 +13,8 @@ When inviting them, you also
- In **Instance access**, The **Deployment** tab correspond to [hosted deployments](https://www.elastic.co/guide/en/cloud/current/ec-getting-started.html), while **Elasticsearch**, **Observability**, and **Security** correspond to serverless projects.
-
+ You can grant access to all projects of the same type with a unique role, or select individual roles for specific projects.
+ For more details about roles, refer to .
3. Click **Send invites**.